1. Field of the Invention
The present invention relates to an application authentication system in which a card application operated on a secure device (an IC card, or the like) can authenticate an application operated on a terminal device (a mobile terminal device, or the like). The present invention also relates to the secure device and the terminal device. More particularly, the present invention provides the system, the secure device, and the terminal device capable of realizing the authenticating process required when the application operated on the terminal device makes use of the secure device.
2. Description of the Related Art
In recent years, secure devices (such as the IC card, or the like) capable of securely storing information have been utilized in a variety of applications (such as electronic commerce, access management, the commutation ticket, and so on). In the future, it is expected that these applications will broaden further by making practical use of the mobile function of a mobile terminal device, or the like.
FIG. 8 shows schematically a variety of services that will be carried out by executing an application operated on a mobile terminal device 30 while utilizing secure data stored in a secure device 10.
As set forth in the following Non-Patent Reference 1 (“Interface” 2003, March, The CQ Publishing Co., Ltd., pp. 82 to 90), the application (card application) operated in the secure device is written in a programming language (such as Java (registered trademark), or the like) and is installed into the secure device. Such a card application authenticates an external application that demands the utilization of the secure data stored in the secure device, and then accepts a command of the external application after the card application has verified the security.
However, the conventional secure device does not have an authenticating means for authenticating the application that is downloaded into a mobile terminal device. Therefore, such application being downloaded into the mobile terminal device cannot utilize the data stored in the secure device.
This is due to the following circumstances.
Normally, in the authenticating process to identify a person, it is checked whether or not the person knows information that only that person can know. The person is then authenticated as that person if the person knows the information. FIG. 9 shows schematically the behavior exhibited when a cross authentication according to this scheme is applied to a card application 11 of the secure device 10 and a terminal application 31 of the mobile terminal device 30 (assume that a Java (registered trademark) application described in the Java (registered trademark) language is used). The secure device 10, having a function of saving secret data, can hold secret information (a cryptographic key, or the like) in a tamper resistant area that is securely constructed by hardware. Meanwhile, since security is required to permit the mobile terminal device 30 to deal with the secret information, the overall area 31 must be constructed to have tamper resistance, or the area 31 must be authenticated by a tamper resistant area 35 that is provided to hold the secret information. In such a situation, the cross authentication is established if the card application 11 and the Java (registered trademark) application 31, operated under control of an OS (or VM (Virtual Machine)) 32 of the mobile terminal device 30, can mutually confirm, by exchanging information, that they hold common secret information.
In practice, however, the mobile terminal device 30 does not have an area in which the secret information can be stored securely. For this reason, the card application 11 cannot execute the cross authentication by using the common secret information. Therefore, the Java (registered trademark) application 31 downloaded into the mobile terminal device 30 could not utilize the data stored in the secure device up to now.
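The cross authentication over common secret information described above can be written as a two-way challenge-response exchange. The following Python code is an added example, not part of the original specification; the HMAC-SHA-256 construction, the Party class and the party names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Party:
    """One side of the exchange (card application or terminal application)."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self._secret = secret
        self._nonce = b""

    def _mac(self, who: str, nonce: bytes) -> bytes:
        # Binding the responder's name stops a response being reflected to its sender.
        return hmac.new(self._secret, who.encode() + b"|" + nonce, hashlib.sha256).digest()

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)  # fresh per attempt, so old responses fail
        return self._nonce

    def respond(self, nonce: bytes) -> bytes:
        return self._mac(self.name, nonce)

    def verify(self, peer: str, response: bytes) -> bool:
        nonce, self._nonce = self._nonce, b""  # each challenge is single use
        return bool(nonce) and hmac.compare_digest(self._mac(peer, nonce), response)


def cross_authenticate(a: Party, b: Party) -> bool:
    """Each side challenges the other; both responses must verify."""
    a_accepts_b = a.verify(b.name, b.respond(a.challenge()))
    b_accepts_a = b.verify(a.name, a.respond(b.challenge()))
    return a_accepts_b and b_accepts_a


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample secret
    card = Party("card-app-11", key)
    term = Party("terminal-app-31", key)
    stale = term.respond(card.challenge())  # response to an earlier challenge
    card.challenge()                        # new attempt, new nonce
    return {
        "same_secret": cross_authenticate(card, term),
        "wrong_secret": cross_authenticate(card, Party("terminal-app-31", b"\x00" * 32)),
        "replayed_response": card.verify(term.name, stale),
    }
```

The exchange proves only that the peer possesses the secret, so it is meaningful only when both sides can hold that secret in a protected area, which is the condition the mobile terminal device 30 does not meet.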
In such circumstances, when the secure device 10 is fitted to the mobile terminal device 30 to accept a service from a service server via a network, the service server that is mutually authenticated with the secure device 10 can utilize the data stored in the secure device 10. Nevertheless, the mobile terminal device 30 has until now been able to fulfill only the role of a "clay pipe", that is, a mere conduit that passes the data through. As a result, a system such as that shown in FIG. 8, in which the application of the mobile terminal device 30 reads/writes the data from/into the secure device 10 to execute high level processing such as calculation, display, or the like, could not be implemented.